IETF Logo Mail Archive

Re: [Cbor] [COSE] New deterministic CBOR Libraries (Rust & Swift) from Blockchain Commons

Laurence Lundblade <lgl@island-resort.com> Thu, 16 February 2023 18:13 UTC

Return-Path: <lgl@island-resort.com>
X-Original-To: cbor@ietfa.amsl.com
Delivered-To: cbor@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 768BEC1BE86F; Thu, 16 Feb 2023 10:13:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4_lPMrjhC0Vr; Thu, 16 Feb 2023 10:13:42 -0800 (PST)
Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11on2100.outbound.protection.outlook.com [40.107.236.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E1583C17CE92; Thu, 16 Feb 2023 10:13:41 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=IuIud+N6xj/8I5ml5xnzSEIvkIitLj8QC1WOSc5SEQdJKq2KuMiMAGCxgPwxd7GpLcckr/HT3bXwUwyoLkFN9zETjpzSdWX9jG3LeDge57QgOXeFLjezKcWh27ThJl7GUrjOH+HNmJA2vB9VDOHHPAF82EJOSuQqXdTPlZohh0Cix/4WvAhz7y3m2RkRc+TSX0V3M1bQgnIo2SIvyJeL5fBq9QKZ4kAkuFrawvXI+c3Cc8g0fR4XICNws5mSE4JtunWICXRfSeq2zoobZ+stWGfxVjlJzpMKL8MVN/bL2Rw5rNHaV0wifoYKmJgg65Jf3Z4QWdr94b2AG8i14nOD+w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=wcC6pjufzHBH6aQyXNmzvCQTSbKzN1neZortAfVE2w0=; b=XWXJEJ+PJY7pk1HOjWW/9FwnvrarQBpbgU8sMpM2zJiDxPjbJmRP08LJixz5DtMHO9QbgxC/CKRPeaj35wIKM56NTGM2mzUrd/HyKWJNk1/hiRJbV8ti3BXCqfWZz3w5vimRyOPtTFuQKDrwT/XcQZB8Vt5cQXApbLPPLH0lplPi+FtNxxTlc31HGRuezZOAqOPZhfDBxVbeDpduOdb6vD4/JzqYveb4DzL2znF5cl6Zde/Mquf/7sTOpeMg+0up8eP7EXHfPpMnd6pkKGSxlLowSzR4izLgm+Dc5vwVIGyN8C4A1FJYVEd3VOiou3F9GwRo3nZQLujzJEuhHXArBQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=island-resort.com; dmarc=pass action=none header.from=island-resort.com; dkim=pass header.d=island-resort.com; arc=none
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=island-resort.com;
Received: from PH7PR22MB3092.namprd22.prod.outlook.com (2603:10b6:510:13b::8) by CH2PR22MB2055.namprd22.prod.outlook.com (2603:10b6:610:8f::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6111.12; Thu, 16 Feb 2023 18:13:36 +0000
Received: from PH7PR22MB3092.namprd22.prod.outlook.com ([fe80::1aae:283a:d7b:3d58]) by PH7PR22MB3092.namprd22.prod.outlook.com ([fe80::1aae:283a:d7b:3d58%4]) with mapi id 15.20.6086.026; Thu, 16 Feb 2023 18:13:35 +0000
From: Laurence Lundblade <lgl@island-resort.com>
Message-Id: <A7FFAE5B-85B1-4E42-8C08-58D6788DE48E@island-resort.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_EB418352-F1F4-4E63-BDBF-47FA18600F12"
Date: Thu, 16 Feb 2023 11:13:25 -0700
In-Reply-To: <b8b34b95-1b9c-37d6-9788-d30be719d0af@gmail.com>
Cc: cbor@ietf.org, "cose@ietf.org" <cose@ietf.org>
To: Anders Rundgren <anders.rundgren.net@gmail.com>
References: <CACrqygDmeTin3WmyOtdJH4UZQqqTncnBCqxFY-A2uE87RmJX_w@mail.gmail.com> <b8b34b95-1b9c-37d6-9788-d30be719d0af@gmail.com>
X-Mailer: Apple Mail (2.3608.120.23.2.4)
X-ClientProxiedBy: FR3P281CA0200.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:a5::15) To PH7PR22MB3092.namprd22.prod.outlook.com (2603:10b6:510:13b::8)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: PH7PR22MB3092:EE_|CH2PR22MB2055:EE_
X-MS-Office365-Filtering-Correlation-Id: fd7083ee-8f60-436d-b84a-08db1049851c
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: HNAzJtqc9CaWh7GTHTmhoKoqISmiq4xbKK45dmJbIrD4IY7U8V+/qs8oRu7U5xbdSBCmPAi1m4RRIxD2cOBw3uGbpbR7kUJ9FzWvmioVCpIJiI4K4B+mfwRW748uR8Vz1P3hVw75DhykKp8RMySFjBgL82YG5gwE9aIa9l4yWt0htT3fWpUothwMIw+k+qch2UEdo0L31u5y8QZ2R7eLRS3HzOXFu/6kEgsDQmQJaP2n7GuS5hh7EXlLZi9SNquPILZmPvuZfs6Qd7blLzkPAVcOn9XCBUMG6FVz48yPShYiVCcVgYMWcaPOPNJe7EK7b3jKlxi9MtbYk74zgPF9Qj/toOVw3/tek2oTqk63UbNNx7aUblWsBRVZwDLPmaOBCiApkRqG5nWUg0+7eqLd9Q6hBcnoaAKIuT2ZJeIckjnMceDRpoDzMYmQAlxAHygrbO/wTZ31fW5uDs+lzGL+UNzilvwSRUvd49US9VpZCG1mF20Hs0wf9tBPove+8ewbSnFZxO55VxzFEyvngQd7OTmGxoiNzLt1WgRjCQVNoH1d34iNj2nu6xHM203DW7KZ3Wr41NmtAkaeMb6lLM9KbBS/ASCedl60TVtTrH+D07etAJYMGbKilu4UJ/GzUj6YDyE+qoOtJOkoyayZv3L8nYnGQbJj/BSMjMOtSLVgt8X8BAt4GW/DF/RFSYV7VAv4Uf450VZgckz0867QttOiGB+flIu5Aqw12KSP9woNxhU=
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH7PR22MB3092.namprd22.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230025)(396003)(346002)(39830400003)(366004)(376002)(136003)(451199018)(5660300002)(38350700002)(966005)(6486002)(36756003)(2906002)(86362001)(52116002)(6666004)(166002)(33656002)(33964004)(53546011)(6506007)(6512007)(186003)(26005)(478600001)(2616005)(4326008)(6916009)(8676002)(41300700001)(66476007)(66556008)(83380400001)(66946007)(38100700002)(8936002)(316002)(45980500001); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: eQVwI73AztkY10yAsR1XVp+tA5yaeCf8wPrFl0RnqYsN/7r+GTCpYHikENYRH232ZweX1Ui/7D9xdFpzNSLpZekYbn0xqZjgNsT6PGK5MmDz45qeHHgpC+MFViLuYRNm0SctLoiRenRMvBxIN4nDDXOx6ygziPdaK1p3GW+s2vcncCaHSFWPvSXyfLquJPU6Wv12ZuLQwzdogvxAhWpS6s2yqgxvErkGF1nhgifmiCp7EaGtb/gEhKGtvjXqC8W+USDBEDAi18PksY+U+nC6o/iEnPD11sp+7qEpgqHuJK+w5FD4C+kOromN5gqqBHGFhSx1cmDUs1MOSo27JkKfPbc90p4AGBvxURCcvsYkKWb5fH/De5xN0HAtVcIEr1sa93vRizuua2Z2QUJA428cqe42Fpuz4wfvJHWzVqtao4o4WgqFi/t+6Vg6pvsoFU5QROpn0xymm8ElnbHS+0GNO5ADkbBraj1x0ZLZmzIvZPkRYJ+tbUn+tCEPTza2n93SuPA0yet9By+uJ6LnG8SEV7K08m1Vhob9vyJlkKk+8kUycucfVffSYs6O75V5L3VvN9rofBEykkV5XfAE9UOKqwfhm09PY9dMN/ob7FwNQyVHMCznhehDoG1drKg9bw35t3qDFz2Rfb4xqBZjCkRJop9CGNfcqAtJ24GzOQeM6dr1ZbuHgpXqQSu3UuhABOkWUEhZBiQIIxUrXcd14dDWXPQbuDqsFltmdZ0mGGwTk1syXsutttlEhTVDG7NhhtQq/2XyVh5pZoJj1YZBYJJxqKSqTr0TVlAinAluVkGCAZVKJRSFlGyQK4b7b7kyiCaGszoLerp7Vvk6X83jKvvCsVnt1ec5Urj/TVx7crNP68jobwA8ALn9kx5MHxp4j/Q4k80F1OZ5nK/bk4usW26esYYwmNPMcE+BeR4lkOkgEc1lnEd2S5ayVFZkIjwvPbGc0S/vQm6AxSCwxTbMMSwf+4nWabmLlEdWn7DOr7RcPD8CW6QoTXGKCDVfeXEkPG+L1tMsza9twqwhEJpCLJtio56XV7E+dQN/D5LZEHmcQvAXeKQBsZV+GP/TOzsxB08SHOGRaec/UeF3T+ikLc8/+V3eHmxndCn/e0jne9Q97tpkXSvZc5qUKFGffzuTWzJpMKpc+SxJ66h5uXbPgMVYSUJMlEmatITgBYMoXxQH02PIO/PSwXCfuuH+rRmQtH29aFNXlfBCnP8AVt6MFoUdaX3onDP6TiFY0sGSN/I8OaOaUK5hJbOzJ96Gpnzn1zqjieMWpJ16XdJq2PxqRnarCwfmYhSJ+jH+59ekc1AuS1obuvc3kHMY62yCG1qGrRJj1/tMgsf/ZgcmTXzSfznfeyJzWGTu3q6HWKpr45sIqlhSUfBmoDYWYXRtqW1yP6O+MgxQq4Cq4N8YPOZqUY+6fL7BZnFTgvSb13hE8JoEFqhdy4qYLFICcatCEZ2mAN0hjW6SWkRhdnhc5Qq/mnGRbkKn9V7V16M/U2O1tleOpNilo+7VUq+qvLwshmA0CA1hKZAmdd7wUPJV3sqhPwDiXNF8/WqVYRV3s87ETHoIb6a7Ss0JsJ1KtotLAPzAXWwH
X-OriginatorOrg: island-resort.com
X-MS-Exchange-CrossTenant-Network-Message-Id: fd7083ee-8f60-436d-b84a-08db1049851c
X-MS-Exchange-CrossTenant-AuthSource: PH7PR22MB3092.namprd22.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Feb 2023 18:13:35.7778 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: ad4b5b91-a549-4435-8c42-a30bf94d14a8
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 8lmUy9ZZ06aOsd1nnFDQKlPAk/s7T4DTF15LuwWsb2KRmhXks4L0yFl5Fj5ldwiiqmZUeUeW2kUzbjxzatmiHw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH2PR22MB2055
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/TNAkxSH-chDFIKkONjN1qAntPkU>
Subject: Re: [Cbor] [COSE] New deterministic CBOR Libraries (Rust & Swift) from Blockchain Commons
X-BeenThere: cbor@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Concise Binary Object Representation \(CBOR\)" <cbor.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cbor>, <mailto:cbor-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cbor/>
List-Post: <mailto:cbor@ietf.org>
List-Help: <mailto:cbor-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cbor>, <mailto:cbor-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Feb 2023 18:13:46 -0000

Hi,

I didn’t read the referenced source, but I’m curious why deterministic is so heavily emphasized. Seems like there’s two cases:

1) You transmit the signed/hashed data with signature/hash in which case you don’t need determinism.
2) The sender and receiver independently do the CBOR encoding of what is signed/hashed, in which case you do need determinism.

The encoding of Sig_structure in COSE is an example of 2), and the payload of a COSE_Sign is an example of 1). Are you doing a lot of 2) here?

Also, what is the limitation with COSE? Seems like you could use a detached signature where the payload is independently and deterministically computed rather than transmitted.

Is there a further detailed definition of determinism, such as what to do with floats?

LL



> On Feb 15, 2023, at 10:12 PM, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:
> 
> Deterministic CBOR will as I predicted go where JOSE and COSE did not.
> What's missing (IMO) is well-defined subset where for example map keys would either be tstr or integer.
> Anders
> 
> 
> -------- Forwarded Message --------
> Subject:	New deterministic CBOR Libraries (Rust & Swift) from Blockchain Commons
> Resent-Date:	Thu, 16 Feb 2023 01:00:25 +0000
> Resent-From:	public-vc-wg@w3.org <mailto:public-vc-wg@w3.org>
> Date:	Wed, 15 Feb 2023 16:59:31 -0800
> From:	Christopher Allen <ChristopherA@lifewithalacrity.com> <mailto:ChristopherA@lifewithalacrity.com>
> To:	Credentials Community Group <public-credentials@w3.org> <mailto:public-credentials@w3.org>, W3C Verifiable Credentials WG <public-vc-wg@w3.org> <mailto:public-vc-wg@w3.org>
> CC:	Wolf McNally <wolf@wolfmcnally.com> <mailto:wolf@wolfmcnally.com>, Shannon Appelcline <shannon.appelcline@gmail.com> <mailto:shannon.appelcline@gmail.com>
> 
> Since I know that many projects in the broader Credentials Community already use CBOR, I'd like to announce Blockchain Commons' release of dCBOR libraries for Rust and Swift. In particular, these two languages demonstrate our support of use cases for dCBOR for mobile in Android and iOS:
> dCBOR Codec for Rust: https://github.com/BlockchainCommons/bc-dcbor-rust <https://github.com/BlockchainCommons/bc-dcbor-rust>
> dCBOR Codec for Swift: https://github.com/BlockchainCommons/BCSwiftDCBOR <https://github.com/BlockchainCommons/BCSwiftDCBOR>We've also produced a CLI app using our Rust library, which can be used to test parsing and validation:
> dCBOR CLI: https://github.com/BlockchainCommons/dcbor-cli <https://github.com/BlockchainCommons/dcbor-cli>We focused on the deterministic flavor of CBOR per §4.2 of RFC-8949  <https://www.rfc-editor.org/rfc/rfc8949.html#name-deterministically-encoded-c>because of our specific need to produce deterministically repeatable hashes in the Merkle Tree underlying our Gordian Envelope <https://www.blockchaincommons.com/introduction/Envelope-Intro/> data format. We suspect that there will be others with similar needs and hope these dCBOR libraries will prove useful for other specs & standards using CBOR!
> 
> I'd love to get any advice, comments, or thoughts you have on our dCBOR libraries, as well as any requirements that the libraries may need to meet. I'd also appreciate to get any CCG-related CBOR test examples that we can use in documents and examples, such as mDL and COSE tests.
> 
> I'm also happy to discuss why we picked CBOR <https://www.blockchaincommons.com/introduction/Why-CBOR/> as a data format and why dCBOR is particularly advantageous, either here or in our discussion forums at GitHub <https://github.com/orgs/BlockchainCommons/discussions/184>.
> 
> Thanks!
> 
> -- Christopher Allen
>    Blockchain Commons
> _______________________________________________
> COSE mailing list
> COSE@ietf.org
> https://www.ietf.org/mailman/listinfo/cose

v2.40.3 | Report a Bug | By Email | System Status